CVE-2017-8085
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
Date published : 2017-04-24
http://www.securityfocus.com/bid/98043
http://www.exponentcms.org/news/patch-5-released-for-v2-4-1-to-fix-a-few-critical-issues